Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa
File:                     AS209951.roa (raw, json)
Hash identifier:          26od0mQwWnBvtLbwy54dvLeO/XNwmzQgcqtLP+AyClw=
Subject key identifier:   DC:15:8D:20:24:35:3D:74:7A:85:34:2C:E5:6A:5C:71:44:72:C0:09
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0F941C4E44AB97DA14ED0CE4F6DB4AF8C8AB4CB5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa
Signing time:             Sun 07 Jun 2026 09:47:29 +0000
ROA not before:           Sun 07 Jun 2026 09:42:29 +0000
ROA not after:            Sun 06 Jun 2027 09:47:29 +0000
asID:                     209951
IP address blocks:        2a13:9500:a7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:94:1c:4e:44:ab:97:da:14:ed:0c:e4:f6:db:4a:f8:c8:ab:4c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  7 09:42:29 2026 GMT
            Not After : Jun  6 09:47:29 2027 GMT
        Subject: CN=DC158D2024353D747A85342CE56A5C714472C009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:83:78:d2:33:48:68:2e:f8:9a:2d:47:92:dd:
                    f1:44:89:1e:b9:40:51:80:8b:ce:6a:26:d1:bf:33:
                    c8:eb:cb:6b:1a:5b:2a:fe:b6:57:16:6d:62:c8:f3:
                    59:e5:9b:60:7a:e7:a7:17:74:96:91:a0:ff:31:3c:
                    ad:27:b6:df:7b:68:5e:c1:19:40:9a:22:78:20:10:
                    d4:32:b9:26:31:a7:37:c8:8c:8c:6b:b7:77:65:ab:
                    b4:25:b2:fa:79:ca:c7:94:a0:d9:69:ba:16:39:ce:
                    34:24:e2:9f:a1:32:6c:9a:9f:36:0f:21:d2:27:03:
                    96:ee:59:48:ac:c6:89:f3:dd:db:06:31:7d:4b:3e:
                    81:4b:c4:a7:4a:f2:d8:8e:25:d9:72:93:c2:4c:6f:
                    d4:28:03:62:4f:0d:67:42:04:59:91:70:ec:a2:2c:
                    61:bd:79:b7:2f:bc:83:d4:00:d8:de:57:79:de:55:
                    2f:a0:7b:91:cd:55:3c:ed:4d:35:1f:ca:70:df:d7:
                    75:18:49:4f:cf:67:88:7f:b2:a8:b6:00:de:46:53:
                    0e:a8:ac:80:85:8a:92:58:1c:1d:58:a1:12:38:12:
                    2b:f9:3b:36:94:93:5b:b2:bd:a4:3d:89:d2:2c:48:
                    5b:da:98:bd:cc:50:2a:85:04:98:d6:e7:71:d6:a9:
                    65:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:15:8D:20:24:35:3D:74:7A:85:34:2C:E5:6A:5C:71:44:72:C0:09
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:e2:e1:9a:94:30:9c:54:dd:fc:e2:fd:74:1a:f8:58:bd:d9:
         c1:62:ac:f4:7b:91:d0:f5:c8:8f:30:0b:39:89:25:3e:1d:2f:
         e3:ac:64:b3:d9:cb:89:ea:ef:ab:04:f3:5d:9a:3f:7a:f7:c3:
         d6:f0:34:a3:ef:b7:5a:30:3f:46:c6:18:14:da:6f:36:7d:74:
         5a:b4:80:4d:fa:72:ba:33:c0:54:b3:b1:15:95:94:b6:d1:c4:
         a6:fd:9d:96:02:70:dd:0f:38:6e:07:8d:ff:d4:b0:a9:25:44:
         f5:3e:2b:93:62:5d:14:1b:55:55:a6:f9:57:b6:28:de:0b:e0:
         ad:d4:66:33:cd:76:ee:2f:03:59:f3:63:f5:32:a8:1f:6e:82:
         45:ae:86:77:78:60:8b:3d:70:10:37:80:a3:d4:ef:2a:be:fe:
         b2:a9:c2:47:23:c8:4f:57:79:d5:41:d0:d1:cd:d1:d4:69:d1:
         a5:4b:4d:85:d8:b8:6c:25:e7:09:9a:da:39:b2:0a:a1:ae:b1:
         1f:09:60:fb:da:94:18:ff:8f:fb:9c:c6:93:fd:01:e3:7d:8e:
         23:92:e2:d4:44:78:b2:98:41:99:7b:1a:31:33:af:65:38:26:
         81:6b:0e:cf:3d:e9:5f:4d:62:d4:d8:0e:ed:82:d1:a9:28:bb:
         b4:16:e7:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUD5QcTkSrl9oU7Qzk9ttK+MirTLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDcwOTQyMjlaFw0yNzA2MDYwOTQ3MjlaMDMxMTAvBgNV
BAMTKERDMTU4RDIwMjQzNTNENzQ3QTg1MzQyQ0U1NkE1QzcxNDQ3MkMwMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2g3jSM0hoLviaLUeS3fFEiR65
QFGAi85qJtG/M8jry2saWyr+tlcWbWLI81nlm2B656cXdJaRoP8xPK0ntt97aF7B
GUCaInggENQyuSYxpzfIjIxrt3dlq7Qlsvp5yseUoNlpuhY5zjQk4p+hMmyanzYP
IdInA5buWUisxonz3dsGMX1LPoFLxKdK8tiOJdlyk8JMb9QoA2JPDWdCBFmRcOyi
LGG9ebcvvIPUANjeV3neVS+ge5HNVTztTTUfynDf13UYSU/PZ4h/sqi2AN5GUw6o
rICFipJYHB1YoRI4Eiv5OzaUk1uyvaQ9idIsSFvamL3MUCqFBJjW53HWqWWzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3BWNICQ1PXR6hTQs5WpccURywAkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5OTUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACnMA0GCSqGSIb3DQEBCwUAA4IBAQCG4uGalDCcVN384v10GvhYvdnBYqz0e5HQ
9ciPMAs5iSU+HS/jrGSz2cuJ6u+rBPNdmj9698PW8DSj77daMD9GxhgU2m82fXRa
tIBN+nK6M8BUs7EVlZS20cSm/Z2WAnDdDzhuB43/1LCpJUT1PiuTYl0UG1VVpvlX
tijeC+Ct1GYzzXbuLwNZ82P1MqgfboJFroZ3eGCLPXAQN4Cj1O8qvv6yqcJHI8hP
V3nVQdDRzdHUadGlS02F2LhsJecJmto5sgqhrrEfCWD72pQY/4/7nMaT/QHjfY4j
kuLURHiymEGZexoxM69lOCaBaw7PPelfTWLU2A7tgtGpKLu0Fudq
-----END CERTIFICATE-----